Mayckon Giovani

@mayckongiovani
I am a Principal Systems Engineer specializing in post-quantum cryptography, distributed systems, and security-critical infrastructure.
website: https://mayckongiovani.xyz
github: https://github.com/doomhammerhell
gitlab: https://gitlab.com/doomhammerhell

Most compliance failures aren’t regulatory problems.

They’re architectural problems.

State inconsistency + bad sequencing = violations.

https://dev.to/doomhammerhell/compliance-architecture-in-distributed-financial-systems-policy-enforcement-state-control-and-2ch2

Compliance Architecture in Distributed Financial Systems: Policy Enforcement, State Control, and Regulatory Invariants

Abstract Compliance in financial systems is often perceived as an external requirement...


Solana moves fast.
ZK on Solana moves… vibes faster.

Everyone talks about compression, light clients, zkVMs, proving pipelines.

Formal methods? Mostly absent where it actually matters.

So you end up with this beautiful illusion:

high throughput
low latency
“verified proofs”

…sitting on top of undefined invariants.
ZK without formal methods is just expensive ambiguity.

And Solana right now is dangerously close to optimizing the ambiguity layer.

#solana #zk #cryptography #formalmethods

People keep treating composability like it’s automatic, when it’s exactly where guarantees go to die. Once you chain proofs, you’re outside the model of any single system. Soundness, ZK, extraction, none of it survives “by default”, especially with Fiat–Shamir, concurrency, and shared state. If you can’t define the joint adversary and the full execution model, you don’t have security. You have a stack of assumptions pretending to compose.

Post-Quantum IPsec is getting… boring.

Hybrid ML-KEM + Diffie-Hellman.
One construction. No ciphersuite chaos.

Because the real threat isn’t quantum.
It’s time.

Attackers don’t break crypto today.
They store it and wait.

If your security depends on when it’s attacked, it’s already broken.

https://dev.to/doomhammerhell/post-quantum-ipsec-is-finally-becoming-boring-and-thats-the-point-2a2p

Post-Quantum IPsec Is Finally Becoming Boring — And That’s the Point

Cloudflare didn’t “innovate” here. They removed entropy. They took a space that was degenerating...


A protocol isn’t your happy path.
It’s what still holds under adversarial execution.

If you can’t define invariants over all state transitions, you’re not designing a protocol. You’re describing intent.

“Exploits” are just valid executions you failed to model.

#FormalMethods #ProtocolDesign #Cryptography

ZK discourse turned into a glossary contest. SNARK vs STARK, proof vs argument… meanwhile almost no one models adversaries, composition, or real leakage. “ZK is free” and “Fiat-Shamir depends” in production is how systems break.

https://hackmd.io/ndS_6PmRSPaUHwEby7cYWw

#ZK #Cryptography #Security #Web3

ZK is Becoming a Vocabulary Problem, Not a Security Discipline - HackMD


PQC is not a primitive upgrade, it’s an architectural reset.
QIA-QZK eliminates reusable identity artifacts and moves authentication to ephemeral, session-bound proofs with zero-knowledge properties.

https://app.daily.dev/posts/VLmkxlxDr

#zK #PQC

QIA-QZK: Rethinking Authentication in a Post-Quantum World | daily.dev

QIA-QZK is a proposed authentication framework designed for the post-quantum era that goes beyond simply swapping cryptographic primitives. Rather than...


Smart contracts don’t replace financial systems. They extend them into a different trust domain.

Deterministic settlement on chain. Operational control off chain.

The real architecture lives at that boundary.

https://dev.to/doomhammerhell/smart-contract-infrastructure-in-financial-systems-determinism-security-boundaries-and-execution-15of

#blockchain #fintech #web3

Smart Contract Infrastructure in Financial Systems: Determinism, Security Boundaries, and Execution Guarantees

Abstract Smart contracts are often described as autonomous programs running on...


Hybrid PQC migration isn’t a “crypto upgrade.” The moment two primitives coexist in the same protocol, the transition logic becomes part of the attack surface.
The hard problem in post-quantum isn’t math. It’s the migration envelope.

https://www.stigning.com/en/blog/2026-03-11-hybridizing-wireguard-pqc-migration

Hybridizing WireGuard for Post-Quantum Migration Under Operational Constraints | STIGNING

Infrastructure doctrine for preserving handshake simplicity while hardening against downgrade and lifecycle failure

Most threat models assume the attacker is external.
Reality is more creative.
Sometimes the attacker is the network scheduler, sometimes it is a race condition, sometimes it is a perfectly honest engineer deploying at 3 AM.
Adversarial systems theory should probably include sleep deprivation.